opendev/system-config
Code Issues Proposed changes
c009700ca4
system-config/modules/openstack_project/manifests/server.pp
Jeremy Stanley 94acd79ea0 Puppet the Ubuntu sources.list files on servers 
Because some of our virtual machine providers have perverse ideas
about maintaining their own mirrors of security update package
repositories, which is widely acknowledged[*] as an unsafe practice,
it's easiest to just fix this with a consistent sources.list file
across all our servers and not bother with package mirrors for now.

Note this should not affect our single-use workers as they do not
apply the openstack_project::server class.

[*] http://askubuntu.com/questions/646853

Change-Id: I26c1ba0e0b6366249b9634f85bb54ed412ecb789
2016-01-15 19:09:12 +00:00

47 lines
1.7 KiB
Puppet
Raw Blame History

# == Class: openstack_project::server
#
# A server that we expect to run for some time
class openstack_project::server (
$iptables_public_tcp_ports = [],
$iptables_public_udp_ports = [],
$iptables_rules4 = [],
$iptables_rules6 = [],
$sysadmins = [],
$certname = $::fqdn,
$pin_puppet = '3.',
$ca_server = undef,
$enable_unbound = true,
$afs = false,
$puppetmaster_server = 'puppetmaster.openstack.org',
$manage_exim = true,
$pypi_index_url = 'https://pypi.python.org/simple',
$pypi_trusted_hosts = [
'pypi.bhs1.openstack.org',
'pypi.dfw.openstack.org',
'pypi.gra1.openstack.org',
'pypi.iad.openstack.org',
'pypi.nyj01.openstack.org',
'pypi.ord.openstack.org',
'pypi.region-b.geo-1.openstack.org',
'pypi.regionone.openstack.org',
],
) {
class { 'openstack_project::template':
iptables_public_tcp_ports => $iptables_public_tcp_ports,
iptables_public_udp_ports => $iptables_public_udp_ports,
iptables_rules4 => $iptables_rules4,
iptables_rules6 => $iptables_rules6,
certname => $certname,
pin_puppet => $pin_puppet,
ca_server => $ca_server,
puppetmaster_server => $puppetmaster_server,
enable_unbound => $enable_unbound,
afs => $afs,
manage_exim => $manage_exim,
sysadmins => $sysadmins,
pypi_index_url => $pypi_index_url,
pypi_trusted_hosts => $pypi_trusted_hosts,
purge_apt_sources => true,
}
}
View Git Blame Copy Permalink